A method of reading attributes of an ID-token

2015 
The invention relates to a method for reading attributes of an ID-token, comprising the following steps:
- authentication of the user to the ID-token and optional establishment of a secured communication channel (SM[PACE]) between the ID-token and the user computer system,
- mutual authentication and establishment of a first secure communication channel (SM[CA]#1) with end-to-end encryption between the ID-token and the ID provider computer system over the network,
- performing a first read access (107) of the ID provider computer system to the ID-token in order to read the attributes specified in the first attribute specification from the ID-token,
- transmission of a first subset (109) of the attributes specified in the first attribute specification, namely those stored in the memory area of the ID-token, from the ID-token to the ID provider computer system via the first secure communication channel,
- generation of a second attribute specification (111) specifying a second subset of the attributes of the first attribute specification, namely those attributes not included in the first subset, and transmission of the second attribute specification from the ID provider computer system to the ID-token via the first secure communication channel,
- storage of the second attribute specification in the ID-token,
- authentication of an attribute provider computer system (172) to the ID-token,
- authentication of the ID-token to the attribute provider computer system,
- establishment of a second secure communication channel (SM[CA]#2) with end-to-end encryption between the attribute provider computer system and the ID-token, the first secure communication channel remaining in place,
- transmission of the second attribute specification from the ID-token to the attribute provider computer system via the second secure communication channel,
- performing a write access (176) of the attribute provider computer system via the second secure communication channel to store attributes according to the second attribute specification in the ID-token,
- optionally, performing a write access (176) of the attribute provider computer system via the second secure communication channel to store a third attribute specification in the ID-token for any attributes that were not written,
- optionally, mutual authentication and establishment of a third secure transmission channel (SM[CA]#3) with end-to-end encryption between the attribute provider computer system and the ID-token with ...
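As an added illustration (not from the patent), the following Python model walks the attribute-read flow above: the ID-token gates read and write access on an authenticated channel, the ID provider derives the second attribute specification from what it could not read, and the attribute provider may write only the attributes that specification names. Party names, channel labels and the sample attributes are assumptions of this example.

```python
from dataclasses import dataclass, field

@dataclass
class IdToken:
    """ID-token: attribute store plus the specifications written to it by the two providers."""
    attributes: dict
    channels: set = field(default_factory=set)        # (party, channel) pairs after mutual authentication
    second_spec: list = field(default_factory=list)   # attributes the ID provider could not read (111)
    third_spec: list = field(default_factory=list)    # attributes the attribute provider could not supply

    def open_channel(self, party, channel):
        # Stand-in for mutual authentication plus SM[CA] setup; channels are kept, so SM[CA]#1 remains.
        self.channels.add((party, channel))

    def _require(self, party, channel):
        if (party, channel) not in self.channels:
            raise PermissionError(f"{party} has no authenticated channel {channel}")

    def read(self, party, channel, spec):
        self._require(party, channel)
        return {a: self.attributes[a] for a in spec if a in self.attributes}

    def store_spec(self, party, channel, which, spec):
        self._require(party, channel)
        setattr(self, which, list(spec))

    def write(self, party, channel, values):
        self._require(party, channel)
        # The token only accepts writes for attributes named in the stored second specification.
        outside = [a for a in values if a not in self.second_spec]
        if outside:
            raise PermissionError(f"write outside second attribute specification: {outside}")
        self.attributes.update(values)

def id_provider_read(token, first_spec):
    # Read access (107) over SM[CA]#1, first subset (109) returned, second specification (111) stored.
    token.open_channel("id_provider", "SM[CA]#1")
    first_subset = token.read("id_provider", "SM[CA]#1", first_spec)
    second_spec = [a for a in first_spec if a not in first_subset]
    token.store_spec("id_provider", "SM[CA]#1", "second_spec", second_spec)
    return first_subset, second_spec

def attribute_provider_write(token, available):
    # Attribute provider takes the second spec over SM[CA]#2, writes (176) what it has, records the rest.
    token.open_channel("attribute_provider", "SM[CA]#2")
    values = {a: available[a] for a in token.second_spec if a in available}
    token.write("attribute_provider", "SM[CA]#2", values)
    unwritten = [a for a in token.second_spec if a not in values]
    token.store_spec("attribute_provider", "SM[CA]#2", "third_spec", unwritten)
    return values, token.third_spec
```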